Senior Penetration Tester

Looking for an innovative, high-growth, multi-award-winning company in one of the hottest segments of the security market? Veracode!

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

• Determine and translate the department delivery strategy into actionable, measurable results.
• Provide engagement oversight, ensuring delivery success and customer satisfaction.
• Contribute to the ongoing maintenance of best practices, which can be referenced by colleagues, customers, prospects, and other external parties.
• Resolve complex problems that arise in everyday work and escalate more complex problems to director level.
• Maintain utilization target by delivering Security Consulting and assisting other team members with billable work. Non-billable work may consist of internal initiatives or other projects.
• Lead and contribute to the development of tooling and automation to improve team and client productivity.
• Act as an ambassador to other departments within Veracode, including Customer Success, Solutions Architecture, Sales, and Engineering and Product Management.

• Bachelor's degree or global equivalent in a related field.
• 4 years plus experience of Pen testing.
• Excellent verbal and written communication and presentation skills; ability to work under pressure collaboratively to solve complex problems; strong attention to detail a must.
• CREST, OSCP, OSCE, OSEP, GWAPT, GXPN, or similar certifications
• Experience with cloud security testing (AWS, Azure, GCP)
• Strong understanding of security frameworks and vulnerabilities (e.g., OWASP, CVSS, NIST)
• Experience using tools like Burp Suite, Nmap, Metasploit, Kali Linux, etc.
• Solid scripting skills in Python, Bash, or PowerShell (for tool development or automation)
• Understanding of AI-specific attack vectors, such as prompt injection, data poisoning, model inversion, or adversarial inputs
• Familiarity with general application and network security concepts including testing web applications, mobile applications, web services, network infrastructures, and thick-client applications.
• Familiarity with software architecture and design, application security concepts, and engineering processes.
• Knowledge of current and emerging technologies, tools, methodologies, information security principles, and impact to the security consulting industry.
• Previous experience working with software development.
• Experience creating standard practices, policies, and guidelines to help streamline operational functions.